
1   package fr.in2p3.jsaga.adaptor.security;
2   
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;

import org.bouncycastle.openssl.PasswordFinder;
import org.italiangrid.voms.clients.util.VOMSProxyPathBuilder;
import org.italiangrid.voms.credential.LoadCredentialsEventListener;
import org.italiangrid.voms.credential.impl.AbstractLoadCredentialsStrategy;
import org.italiangrid.voms.util.FilePermissionHelper;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.KeystoreCredential;
import eu.emi.security.authn.x509.impl.PEMCredential;
15  
16  /*
17   * FIXME: remove this class when voms-api-java works on Windows
18   */
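/**
 * Loads a user X.509 credential from either a PEM certificate/private-key pair or a
 * PKCS12 file, reporting lookup, success and failure to a {@link LoadCredentialsEventListener}.
 * <p>
 * Unlike the upstream strategy, the POSIX file-permission checks performed by
 * {@link FilePermissionHelper} are skipped when the JVM reports a Windows host. On Windows
 * the permissions of the key material are therefore not validated at all.
 */
public class JSAGALoadUserCredential extends AbstractLoadCredentialsStrategy {

    // Path to the PEM certificate; null when a PKCS12 credential is configured.
    final String certFile;
    // Path to the PEM private key; null when a PKCS12 credential is configured.
    final String keyFile;

    // Path to the PKCS12 credential; null when a PEM certificate/key pair is configured.
    final String pkcs12File;
    // Listener notified of every lookup and of its outcome.
    final LoadCredentialsEventListener listener;

    /**
     * Creates a strategy that loads a PEM certificate/private-key pair.
     *
     * @param listener the listener notified of the load outcome
     * @param certFile the path to the PEM certificate
     * @param keyFile the path to the PEM private key
     */
    public JSAGALoadUserCredential(LoadCredentialsEventListener listener, String certFile, String keyFile) {
        super(listener);
        this.certFile = certFile;
        this.keyFile = keyFile;
        this.pkcs12File = null;
        this.listener = listener;
    }

    /**
     * Creates a strategy that loads a PKCS12 credential.
     *
     * @param listener the listener notified of the load outcome
     * @param pkcs12File the path to the PKCS12 file
     */
    public JSAGALoadUserCredential(LoadCredentialsEventListener listener, String pkcs12File) {
        super(listener);
        this.certFile = null;
        this.keyFile = null;
        this.pkcs12File = pkcs12File;
        this.listener = listener;
    }

    /**
     * Loads the configured credential. A PKCS12 file takes precedence over a PEM pair.
     *
     * @param passwordFinder resolves the private key / keystore password when needed
     * @return the loaded credential, or {@code null} if nothing is configured or the load failed
     */
    @Override
    public X509Credential loadCredentials(PasswordFinder passwordFinder) {
        if (pkcs12File != null) {
            return loadPKCS12Credential(pkcs12File, passwordFinder);
        }
        if (certFile != null && keyFile != null) {
            return loadPEMCredential(keyFile, certFile, passwordFinder);
        }
        // Nothing configured: no lookup is attempted and the listener is not notified.
        return null;
    }

    /**
     * Loads a PEM X.509 credential and notifies the registered {@link LoadCredentialsEventListener} of
     * the load operation outcome. Both input streams are closed whether or not the load succeeds.
     *
     * @param privateKeyPath the path to the private key
     * @param certificatePath the path to the certificate
     * @param pf a {@link PasswordFinder} used to resolve the private key password when needed
     * @return the loaded {@link X509Credential}, or <code>null</code> if the credential couldn't be loaded
     */
    protected X509Credential loadPEMCredential(String privateKeyPath, String certificatePath, PasswordFinder pf) {
        PEMCredential cred = null;

        listener.notifyCredentialLookup(privateKeyPath, certificatePath);

        InputStream keyStream = null;
        InputStream certStream = null;
        try {
            if (!isWindows()) {
                FilePermissionHelper.checkPrivateKeyPermissions(privateKeyPath);
            }

            keyStream = new FileInputStream(privateKeyPath);
            certStream = new FileInputStream(certificatePath);
            cred = new PEMCredential(keyStream, certStream, pf);

            listener.notifyLoadCredentialSuccess(privateKeyPath, certificatePath);
        } catch (Throwable t) {
            // Throwable (not Exception) is caught deliberately: the listener's failure callback is
            // typed Throwable, and every failure is meant to be reported there rather than propagated.
            listener.notifyLoadCredentialFailure(t, privateKeyPath, certificatePath);
        } finally {
            // Close in reverse order of opening; either may be null if an earlier step failed.
            closeQuietly(certStream);
            closeQuietly(keyStream);
        }

        return cred;
    }

    /**
     * Loads a PKCS12 X.509 credential and notifies the registered {@link LoadCredentialsEventListener} of
     * the load operation outcome.
     *
     * @param pkcs12FilePath the path to the pkcs12 credential
     * @param pf a {@link PasswordFinder} used to resolve the private key password
     * @return the loaded {@link X509Credential}, or <code>null</code> if the credential couldn't be loaded
     */
    protected X509Credential loadPKCS12Credential(String pkcs12FilePath, PasswordFinder pf) {
        KeystoreCredential cred = null;

        listener.notifyCredentialLookup(pkcs12FilePath);

        if (!fileExistsAndIsReadable(pkcs12FilePath)) {
            listener.notifyLoadCredentialFailure(
                    new FileNotFoundException(pkcs12FilePath + " (cannot read file)"), pkcs12FilePath);
            return null;
        }

        // The same password is used for both the keystore and the key entry.
        // NOTE(review): keyPassword is not zeroed afterwards because KeystoreCredential may retain
        // it for later use — confirm against the canl implementation before clearing it here.
        char[] keyPassword = pf.getPassword();
        try {
            if (!isWindows()) {
                FilePermissionHelper.checkPKCS12Permissions(pkcs12FilePath);
            }

            cred = new KeystoreCredential(pkcs12FilePath, keyPassword, keyPassword, null, "PKCS12");
            listener.notifyLoadCredentialSuccess(pkcs12FilePath);
        } catch (Throwable t) {
            // See loadPEMCredential: all failures are routed to the Throwable-typed listener callback.
            listener.notifyLoadCredentialFailure(t, pkcs12FilePath);
        }

        return cred;
    }

    /**
     * Whether the JVM reports a Windows host. The POSIX permission checks are skipped there,
     * which is the reason this class exists (see the FIXME above). A missing {@code os.name}
     * property is treated as "not Windows" so the checks are performed.
     */
    private static boolean isWindows() {
        String osName = System.getProperty("os.name");
        return osName != null && osName.startsWith("Windows");
    }

    /**
     * Closes a stream, ignoring a {@code null} stream and any close failure: the load outcome has
     * already been reported to the listener by the time this runs, so there is nothing further to do.
     */
    private static void closeQuietly(InputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException ignored) {
            // best-effort close; the credential (or failure) has already been delivered
        }
    }

}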